Online banner ads running on MySpace.com and web sites infected more than one million users with adware, according to net security firm iDefense.

The attack exploited a Windows Metafile (WMF) exploit, fixed by Microsoft in January, to infect vulnerable Windows machines with malware from PurityScan/ClickSpring family of adware. The malware surreptitiously tracks internet usage while bombarding infected users with pop-up ads.

The banner ad that played a staring role in the attack ostensibly advertised a site called deckoutyourdeck.com. In reality, machines were directed to Russian-language website in Turkey, which tracked the number of times adware programs were downloaded, the Washington Post reports.

Data on the site suggested that the adware had been installed on 1.07m PCs, a huge figure that equates to a big payday for the unknown perpetrators of the attack and plenty of pain for ordinary surfers. ®

Related stories

• MySpace celebrity hacker downs hacking forum (7 December 2007)
• Updated DoubleClick caught supplying malware-tainted ads (13 November 2007)
• Yahoo feeds Trojan-laced ads to MySpace and PhotoBucket users (11 September 2007)
• MySpace to be co-opted into Month of Bugs (20 March 2007)
• MySpace-hosted malware exploits QuickTime flaw (16 March 2007)
• Comment Silence and 'scareware' epidemic at MySpace (27 January 2007)
• Hackers debut Mac OS X adware (24 November 2006)
• VXers target online video (1 November 2006)
• MySpace phishing scam targets music fans (14 October 2006)
• MS revokes 'adware' distributor's community award (10 October 2006)
• Facebook mods controversial 'stalker-friendly' feature (8 September 2006)
• Users protest over 'creepy' Facebook update (7 September 2006)
• Murdoch offers film/TV downloads (14 August 2006)
• Social sites a breeding ground for malware: report (10 August 2006)
• MySpace for adults touts 18+ credentials (27 July 2006)
• MySpace to songwriters: sell more shirts (19 July 2006)
• Phishers aim to hook MySpace users (5 June 2006)
• In brief Teen hack suspects charged over MySpace extortion bid (25 May 2006)
• UK.gov repels zero day WMF attack (24 January 2006)
• Zero-day holiday (5 January 2006)
• Windows users waiting for serious fix (3 January 2006)
• World+dog scrambles to fight Windows flaw (3 January 2006)
• Trojan alert over unpatched Windows flaw (29 December 2005)